I don’t have eyes
#general
jolly aspen
eternal timber
Bummer
pallid lotus
Your processor has a certain number of virtual cores. Usually 16, 32, or 64 these days. If we were dealing with a task which did not require any I/O or dependencies then there would be no point in opening more threads than you have processors, or you'd be wasting a lot of time switching between them.
As it stands we are dealing with network connections, which obviously have latency. The optimal number of threads is therefore just a bit higher than your total number of available cores. The exact amount higher depends on how much latency, what else you're running, etc, etc, etc.
So a million threads would actually be pretty inefficient, but using a processor with 64 virtual cores, 70 or 80 might be reasonably effective, context dependent.
If you were after maximum efficiency then you'd benchmark it. As it is, you probably don't care that much, so just pick a number in that range and it'll be fine 
eternal timber
What a nerd
jolly aspen
I’m going to benchmark 1 million
pallid lotus
Also worth remembering to take the target into account though. You don't want to risk overloading the server
jolly aspen
Also worth remembering to take the target into account though. You don't want to...
Meh, it’s a THM server tho 😆
pallid lotus
On one hand, AWS get pretty annoyed if you mess with their network infrastructure...
On the other hand, that's THM's problem to deal with
vague dragon
the path stoped in the careers and jobs of cybersecurity
lusty tusk
the path stoped in the careers and jobs of cybersecurity
Scroll down and theres 3 more avenues
lusty tusk
the path stoped in the careers and jobs of cybersecurity
SOC analyst, Pen testing, and security engineer
drowsy dust
SOC analyst, Pen testing, and security engineer
Thanks Krusty
twin ridgeBOT
Gave +1 Rep to @lusty tusk (current: #1765 - 2)
lusty tusk
Hey friend. Thank you for my first rep 🙂
eternal timber
Second actually
drowsy dust
No problem :) enjoy
vague dragon
Scroll down and theres 3 more avenues
there isnt
vague dragon
https://tryhackme.com/hacktivities is the link
thank you
twin ridgeBOT
Gave +1 Rep to @lusty tusk (current: #1329 - 3)
lusty tusk
Quick question for y'all. I want to setup my own home lab to get practice with SIEM tools as well as some pen testing. I can obviously look up a guide for this, but I just wanted to see if anyone had any resources they really liked, or guides they enjoyed following.
umbral bay
👋
umbral bay
Busy with many new exciting projects. 😎 How about yourself?
blazing granite
Busy with many new exciting projects. 😎 How about yourself?
I bet big announcement tomorrow 🙂
I'm eating dinner
umbral bay
I bet big announcement tomorrow 🙂
Massive one for TryHackMe. 🙂
quasi hedge
Massive one for TryHackMe. 🙂
The SOC analyst cert?
drowsy dust
Quick question for y'all. I want to setup my own home lab to get practice with S...
I use wazuh via a VM which is good. Just setup your agents on each computer. you can combine other tools like wireshark and suricata too. I like to have suricata as my IPS and wireshark to feed my suricata etc
lusty tusk
I use wazuh via a VM which is good. Just setup your agents on each computer. you...
Thank you!
twin ridgeBOT
Gave +1 Rep to @drowsy dust (current: #168 - 49)
umbral bay
I'm eating dinner
Wonderful steak and barolo? 😄
blazing granite
Wonderful steak and barolo? 😄
not tonight, 0 effort because I'm a bit sick so just a schnitzel 😂
lusty tusk
I use wazuh via a VM which is good. Just setup your agents on each computer. you...
Another question for you! How do you document what you do on it? Like obviously having it setup means a lot, but how do you use it personally?
umbral bay
not tonight, 0 effort because I'm a bit sick so just a schnitzel 😂
From Vienna I hope, Wiener schnitzel. 🥳
lusty tusk
If that question doesn't have the best clarity, let me know 😂
blazing granite
From Vienna I hope, Wiener schnitzel. 🥳
argentine version 😂
drowsy dust
too much to explain really. but to link them together it just takes configuration of everything
lusty tusk
too much to explain really. but to link them together it just takes configuratio...
I mean more like, once everything is setup, what do you do to learn from it?
Like do you test out new pentesting techniques you've learned?
drowsy dust
Ah. Maybe you could learn by attacking your machine and seeing what triggers it and what you need to add to make those triggers go off
umbral bay
argentine version 😂
Milanesas a la Messi 😄
eternal timber
ankara Messi
drowsy dust
Like do you test out new pentesting techniques you've learned?
i.e you could see if nmap triggers it
if not then make it so it gets triggered
etc
blazing granite
Milanesas a la Messi 😄
milanesa de pollo 😂
drowsy dust
Like do you test out new pentesting techniques you've learned?
and yes that would be a good way to mess around and consolidate the information you learned. along with learning the blue team side by seeing if your SOC picks up anything and why
eternal timber
drowsy dust
you can tweak both your attacking and defense by doing that. i.e maybe doing a stealth scan gets past your SOC then you can set up your soc to pick up that next time. and then try another way your SOC doesnt pick up
etc
lusty tusk
and yes that would be a good way to mess around and consolidate the information ...
That makes a lot of sense! Thank you! Is that mainly what you do with yours?
twin ridgeBOT
Gave +1 Rep to @drowsy dust (current: #160 - 50)
drowsy dust
That makes a lot of sense! Thank you! Is that mainly what you do with yours?
At the start thats what I did to harden my system more. But I mainly have it as a protection
that and my pfsense
lusty tusk
that and my pfsense
So you have it setup on your actual network, not just in a simulated environment?
drowsy dust
So you have it setup on your actual network, not just in a simulated environment...
I have wazuh in a VM but it still works the same
and yeah its to protect my endpoints
pfsense is my firewall into my whole network
inner goblet
Ugh! Keyboard oil all over my keyboard 😩
eternal timber
Why’d you say it like that
lusty tusk
pfsense is my firewall into my whole network
That's really sick. Thank you. I'm like 6 months into my journey in this and it can be a lot to wrap your head around.
twin ridgeBOT
Gave +1 Rep to @drowsy dust (current: #157 - 51)
inner goblet
Why’d you say it like that
I’m just excited
drowsy dust
That's really sick. Thank you. I'm like 6 months into my journey in this and it ...
Def, just keep learning. You got this bro. Cyber is a life long learning career
eternal timber
I’m just excited
you're making it worse
inner goblet
you're making it worse
Oh yea?
eternal timber
https://tenor.com/view/cute-ed-sheeran-monkey-cute-ed-sheeran-monkey-gif-7022374...
why he look like curious george
drowsy dust
I like it though
ok diddler
eternal timber
0 Meng Hao 679
1 Li Qiye 6340
2 Wang 234000```
fossil merlin
Hiiiii
inner goblet
Because I’m oiling my keys?
eternal timber
Paul Erdos used to religiously take amphetamine
fossil merlin
Because I’m oiling my keys?
What
You can oil your keyboard?
I thought fast food grease and crumbs was enough for most gamers?
eternal timber
fossil merlin
fossil merlin
I’m going to benchmark 1 million
I believe in you uwu
mossy river
this meme put fetty wap into my top 10
blazing granite
this meme put fetty wap into my top 10
upbeat patio
how do i join the JR Penetration Tester channel
mossy river
how do i join the JR Penetration Tester channel
#junior-pentester-path <- click here
upbeat patio
Thanks Jabba
mossy river
Always 😎
eternal timber
this meme put fetty wap into my top 10
Yeah, baby.
Ay, I want you to be
mine again, baby, ay.
I know my lifestyle is
driving you crazy, ay.
I can never see myself without you,
we call them fans, though,
girl, you know what we do.
I go out of my way to please you,
I go out of my way to see you.
near sapphire
done, finally done
fringe nacelle
Yeah, baby.
Ay, I want you to be
mine again, baby, ay.
I know my lifestyle is
dr...
Glock in my rari
eternal timber
delicate compass
hello
elder peak
i lost complete acces to
No. Contact email providers support.
mossy adder
L server
elder peak
boreal scarab
L server
(He left already)
Fucker said "L Server" without doing basic googling for "TryHackMe"
dark frost
obtuse swift
Hi guys I'm doing master's in computer application i want to start my journey into cyber security can anyone guide or give me a roadmap
eternal timber
“I am become meme”
eternal timber
Hi guys I'm doing master's in computer application i want to start my journey in...
dark frost
Hi guys I'm doing master's in computer application i want to start my journey in...
If you in software apps you may follow the security devs path
dark frost
(He left already)
Fucker said "L Server" without doing basic googling for "TryH...
Crazy right , people find easier to come to a rondom discord server tryhackme then googling questions , how weird
steep mountain
Will there ever be an ethical hacker path?
steep mountain
Or is that basically pentester
crude stump
Yes
steep mountain
Okay
crude stump
Basically that
steep mountain
Okay thought they were two different roles
crude stump
Honestly, ethical hacker is just hacking but ethically 😂
steep mountain
True
cold sparrow
Hello anyone here know anything about aws buckets?
crude stump
Hello anyone here know anything about aws buckets?
No sorry
carmine tinsel
Honestly, ethical hacker is just hacking but ethically 😂
whaaat no way
crude stump
Jabba probably would but he’s not online
crude stump
whaaat no way
Crazy right
steep mountain
Hello anyone here know anything about aws buckets?
A little bit
carmine tinsel
when is thm going to add an unethical hacker path 😈
crude stump
carmine tinsel
all the wannabe instagram hackers here will finally have resources
carmine tinsel
someone here asked about snapchat lately
didn't know ppl still use snapchat in the year of our lord 2025
i thoutght that shit died in 2016
cold sparrow
ah im doing bugbounty atm found a aws bucket that i was able to curl upload a .txt to. just not sure what kind of vulnerability this is even if it is at all. from what i understand if i can download/ upload i can read/write and change data or put malicious things on there right?
i believe it should be 403 at least
near sapphire
when is thm going to add an unethical hacker path 😈
Task 1: Don't be unethical
Task 2 : Surrender yourself to the police
rapid merlin
Sup Ya'll!
Oof, yeah don't be unethical we got enough threat actors in the world as it is.
mellow narwhal
ah im doing bugbounty atm found a aws bucket that i was able to curl upload a .t...
Broken access control, P3 severity.
or P1 if its a public facing asset, normally
silver sky
when is thm going to add an unethical hacker path 😈
Honeypot for the FBI 
jks jks
cold sparrow
Broken access control, P3 severity.
appreciate it👍
silver sky
Oof, yeah don't be unethical we got enough threat actors in the world as it is.
Threat actors right now
mellow narwhal
appreciate it👍
congrats on finding it!
rapid merlin
yeah for real, good job @cold sparrow
carmine tinsel
bro youre on a roll
enjoy your bug bounty $$$, spend it on something cool like pentesterlab pro for me
rapid merlin
cold sparrow
haha Thanks, the real problem now is writing the report lmao
carmine tinsel
'yeah so there's like a vulnerability on your website and i hacked the shit out of it'
rapid merlin
haha Thanks, the real problem now is writing the report lmao
Templates are great for this.
Has anyone used the github workflows before?
cold sparrow
Hackerone has somewhat of a template to follow gladly
cold sparrow
yeah ive been wanting to go on there more. havent found much on h1 maybe i would on bc
runic copper
Hey guys, just starting my journey super excited!
half relic
good luck
runic copper
thanks!
cloud quiver
Hey guys, just starting my journey super excited!
Good luck on your journey 🙂 🚀
runic copper
How long have you guys been doing it for?
half relic
i read a bunch of books a long time ago but i didn't know there were websites with labs like this that you could use to actually use the information and i forgot most of it but i just signed up for this this week lol
i didn't want to create my own lab because it seemed like you would already know what the vulnerabilites are and that would be boring lol
runic copper
I am on introduction to Lan, i feel like i am going to forget alot of the information do you take any notes?
half relic
so about a week but most of this stuff sounds familiar lol
yeah i should have from the beginning but i just got obsdian installed
too bad i dont' know markdown lol
clear jackal
I am on introduction to Lan, i feel like i am going to forget alot of the inform...
Yes, you should be taking notes
runic copper
I can imagine reading books cant even compare to this type of learning though.
Thanks guys will do that and save myself the stress of trying to remember/research stuff.
half relic
i learn better by doing so i think this will be better
i still think books would have a ton of information that it would be hard to get in this format though
anyway
like the web application hacker's handbook is one i read and that had a ton of information
there is one about bug bounties i want to get
bug bouty bootcamp
might be some overlap though
eternal timber
Action Jack Barker
daring vigil
Just finished a room on PowerShell me no likey, necessary evil, powerful and good stuff, just gross after learning linux so well haha
half relic
i was gonna use media wiki for notes since i can easily install it on my server which has to be windows and access it from any device, but obsidian has files that i think would be more usable with some other editor if i get tired of it
yeah the thing i dont' like about powershell is how incredibly long even the simplest scripts are
compared to bash
its annoyhing
it seems overengineered
daring vigil
i was gonna use media wiki for notes since i can easily install it on my server ...
Exactly the vibes I got from it
Like executing one command on a remote computer is crazy
Lots of typing, on the bright side once you know how to invoke a script you can save anything you spent a lot of time engineering and then you don't have to repeat it haha.
daring vigil
scripts are nice
My, "the glass is half full" version of PowerShell lol
half relic
it just seems everything to do with windows is way overengineered and over complicated
there are probably exceptions but it seems that way
carmine tinsel
I enjoy it because its complicated
So far at least
I've only done the basicest of shit with windows but the organization of it fascinates me
eternal timber
it just seems everything to do with windows is way overengineered and over compl...
It is indeed clunky compared to linux
clear jackal
it doesn't hide how it works
Do you have some examples?
Time on keyboard also makes a difference when it comes to perceived clunkiness
half relic
i just mean that with windows it's usually harder to tell exactly what its doing
sturdy pike
how are you?
half relic
i dont' know why i can't think of a good example atm lol
fringe nacelle
how are you?
Chilling hbu
half relic
i think the registry is kind of labyrinthine and unintuitive and i don't know why they had to create their own proprietary database just for settings then provide the most unusable tool to interact with it. I know there are better registry editors but i don't think you should have to rely on non native tools just to interact with a core feature where with linux everything is text so any editor works
I think putting each program and all the files associated with it in their own folder was a mistake too because it leads to absurdly long path variables.
you can't really add all of your softwar to the path because there are too many paths
i do kind of like how groups and permissions work though lol
seems more flexible than on linux
anyway ill stop since i dont' think anyone is reading this lol
clear jackal
I am
half relic
ah ok
grizzled void
As am I
azure hill
Will a VPN let us try gpt operator on a pro sub or ban
clear jackal
i think the registry is kind of labyrinthine and unintuitive and i don't know wh...
If you're directly editing the registry, I have some questions. Have you considered using local GPOs? I guess my question is why are you editing the registry directly?
clear jackal
I think putting each program and all the files associated with it in their own f...
Why would you not put a program and it's files in the same place?
half relic
its actually been a while since it did, but what if i just wanted to add something to a shell menu or something
and a lot of software doesnt' clean up its registry keys
clear jackal
you can't really add all of your softwar to the path because there are too many ...
Confused here too
half relic
because if you want to run it without typing out the full path hyou have to add it to the path variable
if all your binaries are in one of a few folders you have a short path variable
eternal timber
df = pd.Dataframe(data)
df.to_csv(“data.csv”)
half relic
if they are each in their own folder you have to add every path and you hit the size limit of the path variable
its inconvenient
clear jackal
What are you doing/using where you have to add every path manually?
I'm trying to understand how you're using window, because it's not making sense in my head
half relic
it seems that a lot of windows versions of things don't add their path to the variable
clear jackal
To what variable
half relic
like eclipse
orchid dome
Just finished a room on PowerShell me no likey, necessary evil, powerful and goo...
Lol
half relic
to %PATH%
so that if you just type eclipse it comes up
windows does have a search feature now
clear jackal
So you're just using CMD to do everything?
half relic
but it seems overwrought to have everything in it's own folder and not on the path so that you have to actually index and search things instead of just going directly to it
it seems it doesnt' bother me most of the time but at times if i am learning a programming language or something it becomes a pain
it depends on what im doing
clear jackal
From what you've said, it seems to me you're adding in unnecessary complexities. Just what I am thinking trying to follow along
amber summit
actually fuck it works just pass isn’t working
clear jackal
is the attack box broken
Probably not. If you need assistance with a room, #room-help
amber summit
is the password broken
half relic
Will a VPN let us try gpt operator on a pro sub or ban
I'm not sure what you mean
azure hill
Isn't it only available in the US currently?
if we're not in the US would a vpn let us try operator
daring vigil
Do any of you guys have compiled bash scripts for like searching for flags, or setting up defensive anything on CTF competitions etc?
clear jackal
Isn't it only available in the US currently?
I would follow THMs TOS
azure hill
I would follow THMs TOS
Talking about GPT not THM
or you mean coz unethical
if so makes sense and my bad just wondering
azure hill
Personally, I love following TOS 😄
half relic
i think most companies know if you are using a vpn ip anyway
azure hill
US residential proxy*
grizzled void
why not pipe the output of where into your command so you don't need to type it yourself?
azure hill
I'll ask gpt if it's allowed
clear jackal
If it's region locked, the answer is no
amber summit
why is this password not working
half relic
I just find the design of linux more pleasant
amber summit
not my first time ssh into thm i’m literally not doing anything wrong
half relic
Im surpirsed you dont' find it annoying to use command line tools in windows though
azure hill
I just find the design of linux more pleasant
Linux is absolutely beautiful
clear jackal
not my first time ssh into thm i’m literally not doing anything wrong
Unless the room specifically tells you to ssh, it's probably not going to work.
half relic
and the tab completion is anoying
brazen isle
Has anyone tried the AWS Cloud Training ?
half relic
i think it is the design is just simple and kind of poetic or somthinng lol
clear jackal
Im surpirsed you dont' find it annoying to use command line tools in windows tho...
If you're talking to me, I use both equally, without issue or preference tbh.
eternal timber
Has anyone tried the AWS Cloud Training ?
Yeah
amber summit
Unless the room specifically tells you to ssh, it's probably not going to work.
it’s telling me to
half relic
I use both but i have a preference
clear jackal
it’s telling me to
Are you in the attackbox or your own VM?
amber summit
Are you in the attackbox or your own VM?
nope on theirs
amber summit
the issue is when i enter password
clear jackal
nope on theirs
Did you start the box in the room?
eternal timber
What is your experiense ?
It’s pretty boring but informative. It should give you a good chance of getting the AWS cloud certification
cloud quiver
Is it Begginers Friently ?
It is imo
eternal timber
Is it Begginers Friently ?
Yeah very
clear jackal
yep
OK, #room-help
eternal timber
Yes, I can’t think of a better place to start
brazen isle
Yes, I can’t think of a better place to start
Have you finished the whole thing?
rapid merlin
After 1 hour && about 16mins I finally finished installing Arch Linux.
amber summit
condolences
rapid merlin
Yeah man, I use Arch btw.
pliant onyx
After 1 hour && about 16mins I finally finished installing Arch Linux.
Lfg
Congratulations! Now do it all over again
half relic
first linux distro i ever tried was gentoo. I picked it basically at random and i thought that all linux distros were like that lol
eternal timber
Have you finished the whole thing?
Nope. I’ve put it on hold
near sapphire
my first was parrot i think
rapid merlin
Congratulations! Now do it all over again
LOL
rapid merlin
first linux distro i ever tried was gentoo. I picked it basically at random and...
Mine was ParrotOS && I had it for a year because I was trying to dual boot it without knowing what I was doing and I couldnt install windows back
pliant onyx
Oh I also know Red Hat
half relic
oops
half relic
i took that exam and failed it lol
rapid merlin
half relic
red hat
rapid merlin
I can say it feels way better than Parrot
pliant onyx
Uptime: 7 hours
4 of which were installation
rapid merlin
For some time I couldnt connect to wifi either
half relic
I used to want a distro where i could customize every single aspect but now i just want it to work reliably
pliant onyx
For some time I couldnt connect to wifi either
Missing dependencies
near sapphire
i dont know what i want so i always go default
rapid merlin
Missing dependencies
yeah i had to restart from my USB like 3 times because i did the wrong thing
rapid merlin
And then I used the wrong keyboard layout somehow
pliant onyx
rapid merlin
LOL
rapid merlin
38 mins in hes still not done
pliant onyx
Nop
half relic
it took me two different nights to install gentoo but i had to let it compile overnight
i took notes
lol
but it was the first time i used linux
sinful moon
whew it is not 2007 anymore, please do away with your non-blurred transparency
rapid merlin
but it was the first time i used linux
wow man
rapid merlin
whew it is not 2007 anymore, please do away with your non-blurred transparency
idk i just like the transparent
sinful moon
just like use your eyes and determine the readability of the terminal screenshot you have posted lol
I only half kid though
half relic
that was my only pc too and i decided to just get rid of windows so i had no pc till i got it right
sinful moon
if you like transparency, you just need to make it more opaque so it’s actually usable
half relic
lol
sinful moon
eyesight != readability
rapid merlin
im the one reading it 😄
sinful moon
True, so you’re just giving yourself a hard time for no good reason
jolly aspen
im the one reading it 😄
Your screen shots are now banned /s
sinful moon
lol
pliant onyx
Audiobooks 
sinful moon
Anyways I don’t care all that much, juts thought it was funny. Been a while since I saw a term that was so transparent
grizzled void
i find it quite readable imo however I wouldn't do this myself
jolly aspen
Layers are old school. Modern times we just sandwich everything together
pliant onyx
https://youtu.be/j_I9nkpovCQ
Your next assignment
fringe nacelle
I can't tell the difference tbh
pliant onyx
Personally, I would change the font to FiraCode
grizzled void
gotta change the color to match your THM level color though
sinful moon
I mean there’s an entire distro for that… before lol they switched to Fedora
Not exactly a difficult assignment
eternal timber
sinful moon
Just limiting despite how far Asahi Linux has come
jolly aspen
https://youtu.be/j_I9nkpovCQ
Your next assignment
Btw
molten sky
@sinful moon o/
sinful moon
Heya!
Now I’m salty since I can’t play my MMO until 5am due to scheduled maintenance. Rip
molten sky
pretty sure companies schedule maintenance only when they know i'm gonna need to do something
eternal timber
I need a break
sinful moon
Yeah literally the day after I beat the main quest of the 2.0 content and was excited to try flying around and more lol
sinful moon
pretty sure companies schedule maintenance only when they know i'm gonna need to...
Although it was big oof two weeks ago when there was downtime for the admin panel of our MFA solution when i was scheduled to onboard an end user with it
thankfully authentication still worked, we just couldn’t you know… administrate it lol
half relic
good thing authentication worked lol
sinful moon
Yeah I’ve never seen that go down, besides SMS and voice call methods which, shouldn’t be using those anyways
anyways it was nbd, I just called the user the next day and got them sorted
Alright chat is too quiet, Imma check into VC in another server and if that’s too boring, then just amuse one of my various obsessions after my plan for tonight has been ruined lol
pliant onyx
hollow wigeon
Virtual machine 1 was annoying af
molten sky
Although it was big oof two weeks ago when there was downtime for the admin pane...
downtime with any auth has gotta be a shitshow ngl
sinful moon
Eh it just prevented me from bringing user out of Bypass so nothing was really impacted with this security onboarding I was doing with them on this new computer, just delayed
although lol I couldn’t send them the normal SMS invite texts for the MFA app/service either
molten sky
good time to phish IT
sinful moon
~~good time to phish IT~~
lol we barely use the admin panel’s “lets send an MFA request to ensure the user is who they say they are” due to our relatively small scope. I know most everyone by name and the sound of their voice at this point, even with me working remotely
molten sky
i'm waiting for the day "ai" voice spoofing becomes half viable
will be fun
sinful moon
Mhmm, still really only in the realm of “warn your elderly parents about it and set up a passphrase”… if that
We do technically have passphrases for use with our clients but I have never seen that actually used lolol
molten sky
lucky for me about 30% of level 1 IT people I've met have the sense of those eldery parents
sinful moon
ouch lol
and yeah our clients, especially the handful of wealthy individuals we support, are more likely to fall for bs MS tech support scams than something more advanced actually trying to impersonate us.
That’s thankfully gotten better though as we’ve increased our awareness training, even if just mentioning how these scams work to them 1:1
They’re usually smart enough to call us instead of the fake number on their browser hijacked screen lol
molten sky
i'd wager QR codes are probably still top tier
sinful moon
lol as if our users are smart enough to even fall for the QR code scams
they’d try to scan it with their MFA app as we have taught them which would result in… nothing
half relic
I know someone who fell for one of those. I don't know why she thought microsoft wanted payment in play store cards
molten sky
speaking of qr codes, thank god restaraunts are finally stopping that crap
that was horrible
not even a security thing just horrible
sinful moon
thankfully never run into that but yeah it’s gross
sinful moon
I know someone who fell for one of those. I don't know why she thought microsof...
I have had to remediate several of those real time. One scammer attempt had installed the same remote support software that we use, so I had to very carefully kill theirs without killing ours lol
molten sky
no menus, you gotta scan a QR code they stuck to your table and browse their online menu with shit reception on a shit website
worst thing since microsoft
half relic
ohh that's annoying
I'm glad we can't remote into customer's computers
i dont' want to know what they have on their computers
pliant onyx
True, but consider:
sinful moon
I have seen some very advanced coordinated financial scams though against one of former clients who operates a local franchise chain
queen flare
what's a qr code scam
molten sky
most qr codes
sinful moon
They had insider knowledge about how the property management system worked at this multinational chain and scammed many many locations out of significant sums of money by making “test” transactions which were anything but a “test”
molten sky
but if you mean security wise, typically phishing
eternal timber
what's a qr code scam
When it leads you to a malicious site
pliant onyx
what's a qr code scam
When it’s a rick roll instead of unlimited money
eternal timber
Probably
sinful moon
yeah they’ll use QR codes to get around anti-phishing software techniques
eternal timber
When it’s a rick roll instead of unlimited money
Truly malicious
molten sky
cause a lot of people used to assume qr codes in certain places = safe
sinful moon
that too
queen flare
would this fall into social engineering?
sinful moon
yes
sinful moon
It’s not any more advanced, it’s just “hiding the lead” so to speak
molten sky
good way to put it tbh
sinful moon
The only time I’ve seen a user actually receive one that wasn’t blocked by our email security software they just straight up asked us what to do with the QR because they had no idea lol
half relic
lol
sinful moon
so I doubt the effectiveness unless you’re moderately “with it” tech wise and have grown to trust QR codes
sinful moon
oh the Mesh email security platform? Yeah I tried to steer us that way, but we went with another well respected vendor
which also happened to be on my shortlist of recommendations so I can’t complain
molten sky
inky?
sinful moon
Nah. Guess it doesn’t matter me saying realistically, just taught to be cagey. We went with Avanan which was gobbled up by Checkpoint. Checkpoint I have mixed feelings about but their core Avanan email security platform is fantastic
sinful moon
I wouldn’t even know, we’re pure 365
They at least claim that they were amongst the first to really debut the API based model instead of hardware gateways around 2015ish
molten sky
idk if it's still the case today but i think avanan was the one that required just a straight super admin acct for their "integration" with gsuite, rather than tying into any api or having limited perms
sinful moon
Ah gross, having glanced at those docs I don’t think that’s still the case, but yeah never something I’ve had to put into practice
molten sky
in their defense i guess, working with google's api stuff fucking sucks
sinful moon
I was trying to go Mesh because MSP focus and also still had a gateway option when we still needed ours, but by the time we finally started shopping around, we were pure 365
queen flare
now i might make a qr code rickroll and put it in a random bathroom
sinful moon
but yeah I’m significantly happy with the improvement in detection and etc compared to our old Barracuda Gateway
eternal timber
Make it a Fetty Wap roll
molten sky
but yeah 365 wise mesh inky and avanan are all solid, i was impressed with mesh but can't complain about either of the bunch (again, except that gsuite integration showing a pretty bad security mindset)
sinful moon
I used to have to remediate client requests for 40+ spam/phishing attempts every two weeks, now it’s easily under 10 for two weeks
jolly aspen
now i might make a qr code rickroll and put it in a random bathroom
Self host it so you can see just how many people will follow it while faced with a poo and curiosity
sinful moon
thinking of Gateways, you may be interested to hear null that for personal use, I installed a Unifi Gateway Max in our home network and am extremely happy with it
also happened to take over network admin from my SO finally lol. Despite also working in IT, he himself admits he’s not a “networking person”
molten sky
i've been iffy about unifi over the years but at this point i think their products are getting pretty mature
kinda want a few
sinful moon
Yeah they were no question for APs and switches but their gateways have gotten good enough they’re just replacing our firewalls at many client locations
queen flare
i have an innovative idea
molten sky
those aren't allowed here
static acorn
rubberducky but it plays rickroll instead of payload
molten sky
Yeah they were no question for APs and switches but their gateways have gotten g...
i kinda want one of their switches just cause pretty lights
molten sky
rubberducky but it plays rickroll instead of payload
nah gotta drop something that'll do it randomly every few days
sinful moon
Plus I mean, finally a mobile app that’s not crap and lets you administrate 97% of everything you can in the controller
queen flare
nah gotta drop something that'll do it randomly every few days
sounds ethical
molten sky
Plus I mean, finally a mobile app that’s not crap and lets you administrate 97% ...
impossible.
sinful moon
Yeah it’s actually kind of wild
half relic
or scp foundation
sinful moon
never thought I’d run into a OEM networking app that wasn’t crap
molten sky
most companies can't even make their web ui not crap
half relic
if i didnt' know what it was that would be so weird to get from a qr code in a bathroom
the stories are just strange
sinful moon
mhmm but to be fair Ubiquity’s UI is kind of known for being fantastic
and yep, I’m just self hosting the Unifi Network Server on my… erm, server
you can get gateways with that feature integrated, but I rather like that being its own thing
molten sky
aight time to knock out
sinful moon
to be clear, when the server is down, the devices continue to function as normal, it’s only needed for management and stats
molten sky
will hopefully know tomorrow if i can actually accept this offer
sinful moon
alright see ya then! Nice chatting as always
molten sky
if so, finally free
sinful moon
Not sure what this is but indeed, good luck!
cloud quiver
🙂 👋 🍪
sinful moon
Ah very nice, should be great. Good luck indeed!
grizzled void
will hopefully know tomorrow if i can actually accept this offer
good luck to you!
half relic
I don't think i will ever get a job like that living in a rural area with no plans to move
but good luck
sorry
sinful moon
just use your human networking resources as much as you can for that chimera
half relic
there are no organizations big enough in like a 100 mile raius
jolly aspen
Plus I mean, finally a mobile app that’s not crap and lets you administrate 97% ...
Ip found : 192.168.0.1 consider everything hacked
split compass
Oof, got distracted waves goodbye to 40days
sinful moon
I’ve actually turned down two offers to work at a multinatioinal bank in DFIR/SOC since I was still getting tons of experience from my current job. But yeah when they’re hiring again I’m for sure going for it
sinful moon
Ip found : 192.168.0.1 consider everything hacked
lol there’s a reason I redacted my public IP from that image, I just made it the same color as the BG
austere verge
Someone told me their ip ended in .822 and I just looked at them like -_-
sinful moon
lol
half relic
i don't knwo if i would want to work for an acutaly bank though I kinda like working for a company where the product is some kind of technology becuase the people abover you understand what you are doing
and tech companies tend to be more laid back usually i think
sinful moon
I’ve actually turned down two offers to work at a multinatioinal bank in DFIR/SO...
Anyways my point there was, I have a close friend who is DFIR manager at that company so that was just one of a couple avenues for career progression I have in mind
jolly aspen
i don't knwo if i would want to work for an acutaly bank though I kinda like wor...
It’s still hit or miss
molten sky
i don't knwo if i would want to work for an acutaly bank though I kinda like wor...
yeah no corporate, especially in finance, is a shitshow sometimes and has tons of red tape -- but $$
grizzled void
Someone told me their ip ended in .822 and I just looked at them like -_-
possible if they are using IPv6 addressing
sinful moon
Yeah meanwhile this is a major major corporate org so it would be a huge adjustment for me
austere verge
possible if they are using IPv6 addressing
It was an ipv4 😭
jolly aspen
Tech companies have lots of pseudo or non tech people and that part can be mind numbing
half relic
the first place i worked after school was a smaller company and they put the cfo in charge of it for some reason
he had no idea what anything meant
but he didnt' want to spend money on anything
sinful moon
lol my managed service provider is so small that my boss is the CEO/owner/lead tech so…
jolly aspen
If they see a terminal they think you’ve made a deal with Gandalf
sinful moon
yeah different vibes
sinful moon
They can be, except when you get into all of the small business issues lol
It’s a blessing and a curse
half relic
like what
jolly aspen
Single user for all devices, password is company name ☠️
sinful moon
Informally I have like 6+ job roles, great experience, but wild to keep track of everything I practically do
half relic
oh yeah
sinful moon
Single user for all devices, password is company name ☠️
Nah that’s why we’re a MSP, lol we do IT for all the companies who would be doing that sorta thing normally
half relic
the company i worked for had really obvious sql injection vulnerabilites in the internal software that the sales peopple used
split compass
'==1;
sinful moon
we call him little bobby drop tables
half relic
end of life servers
sinful moon
that can be a difficult fight to have as an MSP sadly lol
half relic
one person accidentally downloaded ransomware that encryped the big shared drive that every office in the whole company used
i wou;dnt' talk about it but that company is gone now
austere verge
Someone told me their ip ended in .822 and I just looked at them like -_-
I think some people just say haha doxed you and say a random ip without even thinking about if it’s possible 
sinful moon
ouch, but also that shouldn’t be as possible due to permissions and more
split compass
one person accidentally downloaded ransomware that encryped the big shared drive...
Backups, v. important.
sinful moon
mhmm
half relic
fortunately there were backups
sinful moon
we have hourly backups of servers
half relic
she just shouldnt have been able to encrypt things she didn't have anything to do with
split compass
she just shouldnt have been able to encrypt things she didn't have anything to d...
Yep, PoLP gets ignored all too frequently.
sinful moon
only ever had one client ransomwared… twice. It was before my time but both time it was due to the company refusing to accept our security standards, demanding everyone was admin with full access to shared folders and more, etc
jolly aspen
‘ ==1 AND DROP Table
everyone gets the day off, forever
sinful moon
they were not a client for much longer lol
split compass
I have a few systems at work where I've asked for a Read account so I can better do reporting/root-cause analysis etc.
And end up with RW 😄
sinful moon
the person who was to blame was the same who demanded weakend security or else “they could not function” lol
karmic turret
hey guyz, what's up with that “certification” thingy they were gonna release today? i don't see anything new
jolly aspen
hey guyz, what's up with that “certification” thingy they were gonna release tod...
Oh yea I wonder why they wouldn’t announce it at 4am
half relic
the person who was to blame was the same who demanded weakend security or else “...
reminds me of peoople who refuse to reboot their servers cause they can't have downtime
for updates
sinful moon
lol no one is that important and if they are, they need correct failover/HA
half relic
well if you don't update them there could be a lot more downtime lol
sinful moon
we administrated a national transportation company and they were more than happy with our Friday evening maintaince
jolly aspen
well if you don't update them there could be a lot more downtime lol
could be ill believe it when I see it!
tawny trench
good morning
half relic
yeah people who have been comprimised have a completely different opinion about updates
its hard to convince them beforehand though
karmic turret
Oh yea I wonder why they wouldn’t announce it at 4am
🙂 when do you think its gonna be out?
sinful moon
we administrated a national transportation company and they were more than happy...
meanwhile internal IT which took over for us has stopped patching or rebooting these same servers… Good luck to them!
basically they got bought out in a pump and dump move from a VC
jolly aspen
🙂 when do you think its gonna be out?
An educated guess would be office hours. A conservative guess would be noon
sinful moon
so they only care about cost cutting to resell, and MSP looks like an expenditure
karmic turret
An educated guess would be office hours. A conservative guess would be noon
WHAT TIME IS IT IN THE UK?
grizzled void
yes
karmic turret
so they only care about cost cutting to resell, and MSP looks like an expenditur...
yeah fr
molten sky
so they only care about cost cutting to resell, and MSP looks like an expenditur...
"I never have to call you why am I still paying you??"
sinful moon
moved our VMs from a dataceneter to… “the cloud” aka Microsoft’s datacenter and they’re going to be charged out the butt for those VMs… but hey “the cloud” is more marketable for selling the company lol
grizzled void
WHAT TIME IS IT IN THE UK?
its almost 6am
karmic turret
moved our VMs from a dataceneter to… “the cloud” aka Microsoft’s datacenter and ...
😂
half relic
I think they appreciate yoiu more if things break once in a while and you can rescue them
sinful moon
"I never have to call you why am I still paying you??"
The funny thing is they called us constantly with issues, but it was all minor stuff
jolly aspen
WHAT TIME IS IT IN THE UK?
Google: what time is it in the bloody Uk
half relic
i think its actually true
sinful moon
I know all of the actual boots on the ground employees miss us tons and compain
half relic
you look better when you are doing things wrong but can 'fix' it fast
split compass
hey guyz, what's up with that “certification” thingy they were gonna release tod...
Should be about 5am GMT right now.
half relic
that's what the guy who created the software with the sql injection was like
split compass
you look better when you are doing things wrong but can 'fix' it fast
Not when the thing you do wrong is security!
sinful moon
They’re also big enough that I had the pleasure of preventing major threats like qbot and other big name initial access malware from fucking up their entire org
half relic
he was definately doing security wrong lol
sinful moon
usually the stage 1 loader would run but our EDR would catch stage two and I would more than remediate and do writeups
karmic turret
@sinful moon do you only do defence or are you also into red teaming?
sinful moon
My org is so small I do everything even tangentially related to “security”. However most of my offensive stuff is informal, as my firm does not meet the criteria for being certified for pentesting for PCI-DSS compliance and similar. Most often I do an initial test before we hire a qualified org
half relic
what kind of test
sinful moon
although some of the most fun I’ve had was testing our current EDR product to which our managed SOC called us in alarm a couple times that day lol
sinful moon
what kind of test
I mean I can’t say I’m a formal offsec professional but I know enough to cover our companies butt to make sure I can find concerns before we bring in a third party. Sure some of that is defensive and sometimes a bit of poking around
karmic turret
although some of the most fun I’ve had was testing our current EDR product to wh...
that sounds sooo interesting. was it anything good? was it a false positive?
half relic
interesting
sinful moon
when we’re the IT for dozens and dozens of companies we want to put on a good face that we didn’t at least overlook something obvious for our customers
karmic turret
I mean I can’t say I’m a formal offsec professional but I know enough to cover o...
yeah that makes complete sense. and ofc that little bit you do in the offensive side also compliments your defensive skills 😌
sinful moon
that sounds sooo interesting. was it anything good? was it a false positive?
The EDR product is very good, I was able to do some things that slipped through but they were ironically very basic things compared to the advanced techniques I used which the EDR very much alerted us to
magic isle
Can anybody here hack and destroy a roblox game
I need help urgently
I don't really have any hacking experience but I can here to seek help
sinful moon
@shell nova please see the above, thank you
twin ridgeBOT
Gave +1 Rep to @shell nova (current: #13 - 623)
sinful moon
lol accidental thanks
whole yew
Can anybody here hack and destroy a roblox game
If they are doing somethign bad, report to roblox support and if it's bad enough, law enforcement.
magic isle
If they are doing somethign bad, report to roblox support and if it's bad enough...
They wont
I've reported them so many times
whole yew
It would be illegal to hack and destroy a roblox game as a private citizen, regardless of the reason.
static acorn
Can anybody here hack and destroy a roblox game
read rules
grizzled void
@sick lance nvm juun here
whole yew
read rules
Please stay out of this.
karmic turret
The EDR product is very good, I was able to do some things that slipped through ...
interesting. yk i'm more interested in the offensive side, and I'm about to set up a lab for malware reverse engineering
magic isle
I got well ig I'll keep searching
I just ask because I literally watched a kid get groomed
eternal timber
What’s everyone doing
magic isle
And I really need to take this down because roblox admin isn't doing shit
whole yew
I got well ig I'll keep searching
Please don't. If it's not bad enough for law enforcement and doesn't violate the roblox TOS, hacking that roblox game could put you in the sights of law enforcement for cybercrime.
magic isle
I understand
It does violate the TOS
But no body is doing anything about it
Have screen shots and everything
drowsy dust
What’s everyone doing
I think ima eat a whole can of tuna
static acorn
I think ima eat a whole can of tuna
inv me
magic isle
I got banned from the said game with the explanation "for being a rat"
whole yew
Then keep reporting them to roblox support. If it's against ToS, roblox can shut it down.
magic isle
Alrighty
whole yew
Keep outside drama outside, I am just telling you that what you want to do is illegal and I strongly recommend you do not take any action to damage or compromise that server or game.
eternal timber
I think ima eat a whole can of tuna
Don’t overdo the tuna. Normally too much will lead to mercury poisoning
drowsy dust
Don’t overdo the tuna. Normally too much will lead to mercury poisoning
one whole can bad?
halcyon dune
Hi, someone hacked my call of duty account but i don't know how and why
sinful moon
as I understand it you need to eat an excessive amount of Tuna for that to even be an issue
eternal timber
one whole can bad?
Nah that’s fine
jolly aspen
Don’t overdo the tuna. Normally too much will lead to mercury poisoning
You don’t need those enzymes anyways
sinful moon
Hi, someone hacked my call of duty account but i don't know how and why
Contact Activision support
eternal timber
Just don’t eat 10 cans or smth
drowsy dust
true
static acorn
one whole can bad?
dont listen to them. they dont understand true tuna love.
drowsy dust
dont listen to them. they dont understand true tuna love.
lmao
eternal timber
You don’t need those enzymes anyways
You don’t say
jolly aspen
Just don’t eat 10 cans or smth
I’ve eaten way more than ten in my lifetime
halcyon dune
Contact Activision support
is it possible to get back my account?
static acorn
is it possible to get back my account?
yes
eternal timber
I’ve eaten way more than ten in my lifetime
Well I hope not in a day
sinful moon
is it possible to get back my account?
We don’t know unless you contact the people who actually administrate the servers and your account, that would most likely be the publishers, Activision
jolly aspen
Well I hope not in a day
Nah, just an hour
eternal timber
static acorn
<:splendid:1337248811331878912>
whole yew
is it possible to get back my account?
In all honesty, the best thing you can do is contact Activision support and go through account recovery processes.
jolly aspen
Uggh
magic isle
🤨
drowsy dust
tuna time boys
whole yew
And I just can't let it slide
Seriously, report to Law enforcement. They will kick it up the chain, and report them to roblox. I appreciate that you want to protect people, but complaining about it here isn't the way to go about it.
karmic turret
I hate pedos
if that really is the case, the best that you can do is write an Email (or maybe a hundred) to Roblox.
with evidence
whole yew
Do not collect evidence of wrongdoing. You can actually poison the case and ruin it.
jolly aspen
if that really is the case, the best that you can do is write an Email (or maybe...
I think the best is a police report…
sinful moon
anyone know how to use rdp?
Um yes? Why do you ask lol
slate wing
anyone know how to use rdp?
to connect to my cloud vm bro
magic isle
Then what do I collect?
whole yew
The best thing to do is report to police, and with that I'm declaring this topic closed. Please move on to another.
jolly aspen
anyone know how to use rdp?
Never heard of her
slate wing
Um yes? Why do you ask lol
I can't connect
whole yew
No more discussion of this hacking roblox nonsense.
slate wing
No more discussion of this hacking roblox nonsense.
lol that sounded fun I missed out
sinful moon
I can't connect
It’s literally just an IP and port 3389 unless there’s a RD gateway server which probably isn’t
runic copper
i cant believe this aws section is like $350 omg
sinful moon
You probably need to work it out with the server admin
slate wing
It’s literally just an IP and port 3389 unless there’s a RD gateway server which...
onesec I will send u the error
eternal timber
Used to love tuna till I had it every day for half a year
half relic
are you trying to connect from linux or windows
jolly aspen
with evidence
Given the context. Self collecting evidence is terrible advice
runic copper
i cant believe this aws section is like $350 omg
was not prepared that
sinful moon
onesec I will send u the error
lol excited for work flashbacks, alright
static acorn
drowsy dust
tuna
static acorn
TUNA
sinful moon
was not prepared that
Spinning up this AWS infra on the fly is extremely expensive. This used to be exclusive to business customers of THM. So them even offering you to pay out of pocket is actually a win
runic copper
you need to hack roblox to protect kids?
wait wtf is going on lmao
whole yew
Nope, move on.
jolly aspen
Damn. Just blasting that IP eh
slate wing
Not sure why I leave the domain blank
whole yew
No more discussion of that topic. Last warning before mutes get handed out.
half relic
domain is for if you are logging in with an active directory user
runic copper
top level discord mod
sinful moon
That error doesn’t really say much lol. And you don’t need a domain unless it’s Active Directory authenticated
slate wing
That error doesn’t really say much lol. And you don’t need a domain unless it’s ...
but chat gay bisexual and trand(chatgbt) said it is ok to leave domain empty
runic copper
i am just wondering what i tabbed into when i opened discord
jolly aspen
Juun bout to go oprah with those mutes
eternal timber
im just trying to eat tuna
He/she wants some
slate wing
That error doesn’t really say much lol. And you don’t need a domain unless it’s ...
ah ok so what do I do?
sinful moon
yes that’s just what I said although why does that chat have an RDP server lol
whole yew
but chat gay bisexual and trand(chatgbt) said it is ok to leave domain empty
you wanna maybe reword that in a way that doesn't sound exclusionary and pejorative?
drowsy dust
He/she wants some
my tuna :((
grizzled void
I would advise removing this photo so other's don't get too curious about this IP address
sinful moon
oh I misunderstood the badness
runic copper
Hi, someone hacked my call of duty account but i don't know how and why
if you have access to your email still i would change the password to be safe
slate wing
I would advise removing this photo so other's don't get too curious about this I...
sure bro, I did but it is an empty vm anyway
in the cloud so i thought it is ok
grizzled void
sure bro, I did but it is an empty vm anyway
better safe than sorry
whole yew
Posting public IPs in a hacking discord is not a good idea
slate wing
you wanna maybe reword that in a way that doesn't sound exclusionary and pejorat...
Not sure what u mean
whole yew
someone is going to want to play silly buggers
sinful moon
My next troubleshooting steps would have been a port scan lol
half relic
telnet ip 3389
slate wing
Posting public IPs in a hacking discord is not a good idea
let them hack an empty just made cloud vm for testing nonsense i don't mind
grizzled void
sure bro, I did but it is an empty vm anyway
if it's a VM can you not access it via the web browser?
eternal timber
my tuna :((
Make sure to fan the smell out
jolly aspen
…well if they can’t access it, surely no one can
sinful moon
But okay is this infra you operate or not? If not just work with the operator who probably knows more about the setup
drowsy dust
Make sure to fan the smell out
why?
slate wing
if it's a VM can you not access it via the web browser?
No they wanted me to download, but oH leet me try acually, ru familiar with cloud vms bro?
grizzled void
No they wanted me to download, but oH leet me try acually, ru familiar with clou...
have you attempted using SSH to access the VM?
I have some familiarity with using cloud VMs, yes
jolly aspen
Hello, is this IT support? Yess I spilled tuna on my keyboard
slate wing
have you attempted using SSH to access the VM?
ssh for linix no?
half relic
usually
slate wing
I have some familiarity with using cloud VMs, yes
nice bro, did u take any cloud certs?
i am doing az 900 rn
grizzled void
I have az 900
slate wing
I have az 900
oh wow. how was the test?
drowsy dust
So your cat gets more jealous
lol thats cruel
grizzled void
I spent less than a week studying for it as I had some familiarity before deciding to take it. It was fairly straight forward.
static acorn
im cuddlin my cat rn. he came into my living room and requested cuddle. he will now recive the pats
sinful moon
I run several cloud VMs both personally and professionally, just makes me sus as to why you’re having issues with a simple task such as this if you’re actually studying for these certs
slate wing
I spent less than a week studying for it as I had some familiarity before decidi...
Yes it is easy so far bro, but did the exam was so easy like no stupid questions to make u fail and make them earn extra or something?
sinful moon
lol like simple things, is 3389 actually open to the internet? Normally that’s pretty not great but who knows
slate wing
I run several cloud VMs both personally and professionally, just makes me sus as...
My first cloud cert so
u had issue with it too
lol
grizzled void
Yes it is easy so far bro, but did the exam was so easy like no stupid questions...
Guess you'll find out once you take it
slate wing
u can't troubleshoot it so 😂
sinful moon
u had issue with it too
nope!
karmic turret
Hello, is this IT support? Yess I spilled tuna on my keyboard
lmao
sinful moon
You’re just not answering any meaningful questions or explaining reasoning. So is 3389 just raw dog open on this, and who’s infra is it, yours or?
mellow narwhal
lol like simple things, is 3389 actually open to the internet? Normally that’s p...
Shodan go brrr
I've found lots of 3389's open, but all of them were Chinese stuff, so....
karmic turret
yo gang,
I need your opinion... would reverse engineering and malware analysis make me a better red teamer???? I really just wanna get into the top 50 in the world!!
sinful moon
I've found lots of 3389's open, but all of them were Chinese stuff, so.... <:kek...
lol that’s improved then, US and Germany are often the worst offenders for MS protocols
slate wing
You’re just not answering any meaningful questions or explaining reasoning. So i...
infra? idk tbh let's hope on a voice call?
mellow narwhal
Yeah its mostly just Asian countries from what I see
sinful moon
Infrastructure
slate wing
I can share my screen thee
mellow narwhal
Germany does have some exposed protocols though
slate wing
Infrastructure
it is windows server
sinful moon
lol while I am tempted it’s usually best to keep this in chat
slate wing
lol while I am tempted it’s usually best to keep this in chat
why? don
t be shy
lol
sinful moon
yes, but hosted at AWS? DigitalOcean? Another vendor? Do your cloud networking setting even expose that port? etc
grizzled void
slate wing
<@718509603654205502> <https://learn.microsoft.com/en-us/azure/virtual-machines/...
ok no malware right?
jk
sinful moon
Yeah I guess I should strike DigitialOcean from the above, they don’t technically support Windows Server although you still can
half relic
the port is probably closed like @sinful moon keeps saying
slate wing
Yeah I guess I should strike DigitialOcean from the above, they don’t _technical...
Digital ocean?
grizzled void
I'm assuming they are using Azure as they are studying for the AZ 900
half relic
hosting company
sinful moon
DigitalOcean is another cloud hosting vendor like AWS and Azure
slate wing
I'm assuming they are using Azure as they are studying for the AZ 900
az 900
sinful moon
then sure just use their guide above lol
slate wing
DigitalOcean is another cloud hosting vendor like AWS and Azure
ah not popular, btw do u have a cloud background or certs?
grizzled void
ah not popular, btw do u have a cloud background or certs?
DigitalOcean is quite popular
sinful moon
I have a cloud and infosec background, no certs, just self taught for over 20 years
and yeah it’s probably the biggest out of the main three AWS, Azure, GCP
or one of the
slate wing
DigitalOcean is quite popular
oh I heard google cl, azure and aws are like the main players
slate wing
and yeah it’s probably the biggest out of the main three AWS, Azure, GCP
nice, but why no certs?
sinful moon
DigitalOcean is a bit friendler to small/medium business and individuals
drowsy dust
https://tenor.com/view/pat-pat-cat-pat-cat-cat-pat-love-cat-gif-8327343031414150...
you should feed your cat tuna
static acorn
sinful moon
nice, but why no certs?
Personally I don’t think I want or need any cloud certs, I’m not going into devops or devsecops despite having experience in those feilds professionally. My professional experience will help.
As to why not general certs, it depends. I’ll grab some when I next go job hunting but I have over 4 years doing basically it all at my current job which will look wild on a resume
static acorn
tuna
drowsy dust
half relic
certs are expensive
rapid merlin
I'm in love with WPF
sinful moon
that too and I have to pay out of pocket lol
especially lame with so many certs expiring after three years
drowsy dust
certs are expensive
comptia academy store is amazing for discounts
sinful moon
If I started a cert when I got my first IT job, it would have expired already
slate wing
Personally I don’t think I want or need any cloud certs, I’m not going into devo...
Yes def, So how did u land a job without a resume, I have 4 and i Can't land one lol
rapid merlin
especially lame with so many certs expiring after three years
Yeah; I'd only recommend certs if you're looking to get another job or something.
half relic
comptia academy store is amazing for discounts
good to know.
sinful moon
Yes def, So how did u land a job without a resume, I have 4 and i Can't land one...
networking via people honestly
slate wing
certs are expensive
ya but every job require them
sinful moon
I was basically hired as help desk and rapidly rose to infosec (everything) and sysadmin
half relic
sadly my first job after school was help desk but it requred a computer science degree
for some reason
sad that it requires that
orchid dome
I was basically hired as help desk and rapidly rose to infosec (everything) and ...
What were your qualifications when you landed your first job?
sinful moon
meanwhile it’s been my experience that CS grads are useless lol
sinful moon
Not all, but lately these days, I’ve heard others in CS degrees who stated that like half of their class struggled to even turn on their computers in the first lesson
grizzled void
Why is Paganini so good?
slate wing
Not all, but lately these days, I’ve heard others in CS degrees who stated that ...
lol
orchid dome
Why is Paganini so good?
Pagani or pagnini? Wth is paganini?
sinful moon
kids these days don’t have the benifit of groing up with computers, they grow up with tablets and phones instead, and have a warped sense of how tech works
grizzled void
Pagani or pagnini? Wth is paganini?
A violinist
slate wing
Not all, but lately these days, I’ve heard others in CS degrees who stated that ...
they r just in it for thr money or because their daddy told them 😂
drowsy dust
Pagani or pagnini? Wth is paganini?
tuna
sinful moon
I was lucky and got my first hand me downs around 9 years old
in the wonderful year 1999
grizzled void
in the wonderful year 1999
just before the y2k scare
sinful moon
They were all older computers, but fixing them up and etc got me into this all
slate wing
I was lucky and got my first hand me downs around 9 years old
oh u started tech at 9?
orchid dome
i didn't get a computer till i was 16
I had a computer at home but didn’t know what to do with it cuz I thought windows XP is useless 🙃
sinful moon
I mean technically ealier, depending on how you count. 9 was just when I had “my own” computer to do anything I wanted with
grizzled void
Hot take: I liked XP
sinful moon
I don’t think that’s a hot take
orchid dome
Hot take: I liked XP
It wasn’t bad
grizzled void
I also liked Vista
sinful moon
a hot take but true is that Win 2K is the best Windows OS ever and it’s all been downhill since
half relic
it seems like dll's would randomly go missing with xp
orchid dome
Everyone of the xp generation loves xp
What would you consider XP generation? 💀
silver sky
I also liked Vista <:kekw:658061932577816606>
Now we are falling out
plucky junco
a hot take but true is that Win 2K is the best Windows OS ever and it’s all been...
ok boomer
silver sky
What would you consider XP generation? 💀
Those who used XP obviously
timid prism
my grandpa has a old windows xp or smtn i dont know
all i used to care was it had solitare
sinful moon
Vista is what pushed me to using Linux instead in the mid to late 00s
been there since, but I use every major OS on the daily
half relic
its a good thing i did though that's the only reason I have my job now
the cs degree was pointless lol
half relic
so you are the best and the worst admin there
sinful moon
boss randomly asks, “can you whip up a webserver who hosts three legacy web clients we have who are too cheap to move on?” Sure!
very simple docker compose stuff but I was happy with it and the clients didn’t know the difference
sinful moon
plus it obsolited an ancient Win 2008R2 box we had serving this stuff previously lol
half relic
lol
sinful moon
yeah they’re literally just static sites
sinful moon
Wasn’t too hard, but I had some previous experience with deploying Docker Compose statcks and stuff, so wasn’t too difficult to make my own
sinful moon
were they built with dreamweaver lol
Nah they’re just really meh plain HTML, I don’t think a WYSIWYG editor was used or else the code would be way more ugly
I didn’t do much to the sites besides migrate them and update copyright notices and etc
half relic
i don't think i have ever seen a live site that was built by hand in html
with only html
sinful moon
You have I’m sure, you probably weren’t aware of it
half relic
well i mean the server
sinful moon
WYSIWYG editors kinda died in the 00s
half relic
and i work for a web host
sinful moon
Well CMS systems + CSS is an entirely different beast
static acorn
tuna
Active directory? Boi im about to Actively Direct you to my cabinet and give you some tuna!
eternal timber
WYSIWYG editors kinda died in the 00s
What even is that
sinful moon
“What you see is what you get”, basically like how MS Word shows you the formatting without markup, WYSIWYG web editors were the same way
and produced awful awful HTML
sinful moon
lol that’s because MS Frontpage and Dreamweaver have died
half relic
some people still try to use it
sinful moon
actually not sure if Dreamweaver is still alive but it would be better off dead if it isn’t already
half relic
there are no new versions
sinful moon
anyways, that’s my very brief devops experience if you can even call it that lol. But yeah I’ve got quite a bit of other Docker/Docker Compose experience under my belt
half relic
Im actually not sure why you need docker for flat html but I am used to control panels like plesk and cPanel
sinful moon
we’re just too small for k8s to make any sense
sinful moon
Im actually not sure why you need docker for flat html but I am used to control ...
Because we needed virtual hosting, three domains, one host. There are other ways to do so, but this was a clean solution in my eyes
sinful moon
mhmm
brave hinge
Hello Hackers!
static acorn
Hello Hackers!
Hi @brave hinge
white crow
My friend is a data engineer with 2.9 years of exp. and he is planning to switch towards Security Analyst(SOC). Is this a right move for him. Because there are no openings at present for his current role in the job market?
sinful moon
the Nginix Proxy Manager just handles the virtual hosting requirements and forwards to the correct container. I’d recommend Traffik instead though if I were doing this now
sinful moon
My friend is a data engineer with 2.9 years of exp. and he is planning to switch...
I honestly don’t know what a data engineer rightfully does, but I don’t see any issues with moving to SOC, hopefully higher than level 1 but that would be just fine if they’re just getting into the infosec field
Is Data Engineering like PowerBI bs and etc? lol, usually that sorta thing has a fancier title so idk
Yeah search basically confirmed it’s like PowerBI stuff and similar
sinful moon
Yeah makes sense, one of our clients is going through an awful migration for their data which is not going well, but whew, they are letting us go so not our problem lol
white crow
sinful moon
turns out upending 20 years of legacy technology debt they blamed on us even though it was company internal is not easy. All of their DBAs and similar were always internal lol
onyx timber
Which company are you from
sinful moon
Me? I work at a Managed Service Provider so we’re the IT for dozens upon dozens of clients
onyx timber
Ohh noice
static acorn
Me? I work at a Managed Service Provider so we’re the IT for dozens upon dozens ...
im so jelly beans
onyx timber
I am currently working as an intern at a startup as a soc lv1
sinful moon
Yeah it’s both great and has its downsides. When I was learning AD/GPO for the first time though, meant I had 12+ example domains to get aquatinted with and see real world examples of
white crow
@sinful moon His designation is software engineer with band U2. Is he doing a right move towards SOC?
sinful moon
I can’t rightfully say, but I mean, SOC gets a lot of data, and he is a data engineer lol.
if they have SIEM then he should do just fine if he adapts to the security focus
SIEM is very applicable to data engineering
oh “with the band U2” you don’t mean… lol
grizzled void
When I was working for an MSP it was a team of 4 (myself, the owner, and 2 others) managing 50+ small/medium companies. Boy some of the people calling in with their issues were not that pleasant to speak with.
white crow
My suggestion is like A.I is rapidly increasing and jobs are getting decreased. I suggested him to do a side hustle on SOC as cybersecurity jobs will be increasing and it's ever green.
sinful moon
When I was working for an MSP it was a team of 4 (myself, the owner, and 2 other...
Yep similar size although we’re only “slightly” larger than that
more on the order of 10-15 employees lol
half relic
Im just glad most of our customers are more technically proficient than most end users
when i worked on a help desk someone once called us cause the coffee maker wasnt' working
sinful moon
My suggestion is like A.I is rapidly increasing and jobs are getting decreased. ...
Eh, I wouldn’t worry about an AI run on our jobs, but sure, managed human SOC is a compliance requirement for so many regulations so has to happen indeed
grizzled void
we had a 5th guy who was hired in shortly after me however we had to let him go. Sadly the MSP no longer exists. I have a lot of appreciation for it and the coworkers I had
onyx timber
I lately had an issue with thm I purchased the 1 month premium membership and paid the required amt and still I am not able to access the premium rooms and material and also contacted the help support but ain't got any response donyou have any idea what should I do
sinful moon
Ah totally fair, ours has been running for over 20 years, of which I’ve only experienced about 4
rapid merlin
@sinful moon I worked in finance on 20yo legacy code 😄 https://en.wikipedia.org/wiki/Software_brittleness
orchid dome
Eh, I wouldn’t worry about an AI run on our jobs, but sure, managed _human_ SOC ...
What ai will do is make 1 person do the job of 5
sinful moon
I lately had an issue with thm I purchased the 1 month premium membership and pa...
I’d recommend contacting THM support, which is support@tryhackme.com
Moderators here will not be able to remediate fully
onyx timber
I’d recommend contacting THM support, which is support@tryhackme.com
I did that but ain't got any response
sinful moon
Keep in mind they operate on GMT/UTC time
half relic
how long ago did you contact them
onyx timber
Yesterday
sinful moon
Then let them address it today, again this is a UK company
onyx timber
Sure I saw will but one the sub told to join discord for instant help so I joined it today
sinful moon
If you don’t get anything by noon GMT/UTC time, then sure you could send a follow up
onyx timber
Yaaa
sinful moon
Totally fair, users or mods here can help you with tons of like tech support issues with the site, but billing and etc is beyond our control
onyx timber
Does this membership issue occurs always or is it just mee
slate wing
idk why but running a vm on the chome seems way fun then on a nomal vm
grizzled void
Ah totally fair, ours has been running for over 20 years, of which I’ve only exp...
I believe that is about how old this MSP was when I left
slate wing
idk why but running a vm on the chome seems way fun then on a nomal vm
am i the only one?
sinful moon
Does this membership issue occurs always or is it just mee
It’s just you, I’ve had no issues with my premium account. But I can’t speak for everyone else lol
onyx timber
am i the only one?
Noo I also have fun
onyx timber
It’s just you, I’ve had no issues with my premium account. But I can’t speak for...
Understandable
slate wing
Noo I also have fun
so u would chome one anytime?
sinful moon
am i the only one?
Try ssh tunneling your HTTP(S) traffic to your local computer from your cloud VM and using Burp Suite as SOCKS proxy to send to Foxy Proxy in Firefox on your local. Now that is fun and awesome
I do the same to tunnel RDP traffic from THM to my local and it’s wild
erm minus the Burp and etc obvs
slate wing
Try ssh tunneling your HTTP(S) traffic to your local computer from your cloud VM...
Was that English?
sinful moon
yes lol
slate wing
Lol i don't know what u mean too technical
onyx timber
So I had a question I started cybersecurity a month back I have enough knowledge about the basics but it's theoretical so I would like some guidance
sinful moon
Lol i don't know what u mean too technical
tl;dr I tunnel traffic I need from THM or HTB from my cloud VM to my local computer so I can view these resources… locally
my cloud VM is the one connected to THM via OpenVPN and this segments my exposure to THM/HTB entirely
compared to using a local VM
rapid merlin
announcement soon I suspect 🙂
sinful moon
or in other words it’s babby’s first c2 lol
since I use this server basically as such being my attack machine
strange current
do i try to finish the cryptography unit today or do i just play hell let loose
sinful moon
I over specced it so I’m living with the nearly $20 a month cost, but realistically that’s not doing too bad. I could have just gotten away with a $5-10 expenditure instead, which helped when I was actually deploying this cloud VM provider at work
I do not actually need 2 cores and 4GB of RAM on my headless attack machine lol
rapid merlin
1h 15m
half relic
yeah probably not
sinful moon
Just sounded neat and I didn’t know what I needed until I tried lol
i have a screenshot of that somewhere
rapid merlin
fml I hate staying awake
are you staying up for the announcement?
sinful moon
rapid merlin
are you staying up for the announcement?
na doctors appointment lmao
sinful moon
this guy
rapid merlin
na doctors appointment lmao
ah! 🙂
sinful moon
lol I’ve used Arch for 18 years but yeah totally fair
onyx timber
So I had a question I started cybersecurity a month back I have enough knowledge about the basics but it's theoretical so I would like some guidance
sinful moon
only regret for a pentesting server is postgresql admin for metasploit is a pain in the butt for rolling release
so I had to learn how to be DBA just to update that stuff… if I don’t just get fed up and wipe it out lol
grizzled void
do i try to finish the cryptography unit today or do i just play hell let loose
finish the cryptography unit
orchid dome
So I had a question I started cybersecurity a month back I have enough knowledge...
First check your level then try some easy challenges which you think you can compete on your own
strange current
finish the cryptography unit
oh god
half relic
lol i can see that i just installed kali